  • Language: Ruby
  • License: Apache License 2.0

Repository Details

Development repository for the postfix cookbook

postfix Cookbook

Installs and configures postfix for client or outbound relayhost, or to do SASL authentication.

On RHEL-family systems, sendmail will be replaced with postfix.

Maintainers

This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.

Requirements

Platforms

  • Ubuntu
  • Debian
  • RHEL/CentOS/Scientific
  • Amazon Linux (as of AMIs created after 4/9/2012)
  • FreeBSD

May work on other platforms with or without modification.

Chef

  • Chef 12.1+

Cookbooks

  • none

Attributes

See attributes/default.rb for default values.

Generic cookbook attributes

  • node['postfix']['mail_type'] - Sets the kind of mail configuration. master will set up a server (relayhost).
  • node['postfix']['relayhost_role'] - name of a role used for search in the client recipe.
  • node['postfix']['relayhost_port'] - listening network port of the relayhost.
  • node['postfix']['multi_environment_relay'] - set to true if nodes should not constrain search for the relayhost in their own environment.
  • node['postfix']['use_procmail'] - set to true if nodes should use procmail as the delivery agent.
  • node['postfix']['use_alias_maps'] - set to true if you want the cookbook to use/configure alias maps
  • node['postfix']['use_transport_maps'] - set to true if you want the cookbook to use/configure transport maps
  • node['postfix']['use_access_maps'] - set to true if you want the cookbook to use/configure access maps
  • node['postfix']['use_virtual_aliases'] - set to true if you want the cookbook to use/configure virtual alias maps
  • node['postfix']['use_relay_restrictions_maps'] - set to true if you want the cookbook to use/configure a list of domains to which postfix will allow relay
  • node['postfix']['aliases'] - hash of aliases to create with recipe[postfix::aliases], see below under Recipes for more information.
  • node['postfix']['transports'] - hash of transports to create with recipe[postfix::transports], see below under Recipes for more information.
  • node['postfix']['access'] - hash of access to create with recipe[postfix::access], see below under Recipes for more information.
  • node['postfix']['virtual_aliases'] - hash of virtual_aliases to create with recipe[postfix::virtual_aliases], see below under Recipes for more information.
  • node['postfix']['main_template_source'] - Cookbook source for main.cf template. Default 'postfix'
  • node['postfix']['master_template_source'] - Cookbook source for master.cf template. Default 'postfix'

main.cf and sasl_passwd template attributes

The main.cf template has been simplified to include any attributes in the node['postfix']['main'] data structure. The following attributes are still included with this cookbook to maintain some semblance of backwards compatibility.

This change in namespace to node['postfix']['main'] should allow for greater flexibility, given the large number of configuration variables for the postfix daemon. All of these cookbook attributes correspond to the option of the same name in /etc/postfix/main.cf.

  • node['postfix']['main']['biff'] - (yes/no); default no
  • node['postfix']['main']['append_dot_mydomain'] - (yes/no); default no
  • node['postfix']['main']['myhostname'] - defaults to fqdn from Ohai
  • node['postfix']['main']['mydomain'] - defaults to domain from Ohai
  • node['postfix']['main']['myorigin'] - defaults to $myhostname
  • node['postfix']['main']['mynetworks'] - default is nil, which forces Postfix to default to loopback addresses.
  • node['postfix']['main']['inet_interfaces'] - set to loopback-only, or all for server recipe
  • node['postfix']['main']['alias_maps'] - set to hash:/etc/aliases
  • node['postfix']['main']['mailbox_size_limit'] - set to 0 (disabled)
  • node['postfix']['main']['mydestination'] - default fqdn, hostname, localhost.localdomain, localhost
  • node['postfix']['main']['smtpd_use_tls'] - (yes/no); default yes. See conditional cert/key attributes.
  • node['postfix']['main']['smtpd_tls_cert_file'] - conditional attribute, set to full path of server's x509 certificate.
  • node['postfix']['main']['smtpd_tls_key_file'] - conditional attribute, set to full path of server's private key
  • node['postfix']['main']['smtpd_tls_CAfile'] - set to platform specific CA bundle
  • node['postfix']['main']['smtpd_tls_session_cache_database'] - set to btree:${data_directory}/smtpd_scache
  • node['postfix']['main']['smtp_use_tls'] - (yes/no); default yes. See following conditional attributes.
  • node['postfix']['main']['smtp_tls_CAfile'] - set to platform specific CA bundle
  • node['postfix']['main']['smtp_tls_session_cache_database'] - set to btree:${data_directory}/smtpd_scache
  • node['postfix']['main']['smtp_sasl_auth_enable'] - (yes/no); default no. If enabled, see following conditional attributes.
  • node['postfix']['main']['smtp_sasl_password_maps'] - Set to hash:/etc/postfix/sasl_passwd template file
  • node['postfix']['main']['smtp_sasl_security_options'] - Set to noanonymous
  • node['postfix']['main']['relayhost'] - Set to empty string
  • node['postfix']['sender_canonical_map_entries'] - (hash with key value pairs); default not configured. Setup generic canonical maps. See man 5 canonical. If has at least one value, then will be enabled in config.
  • node['postfix']['smtp_generic_map_entries'] - (hash with key value pairs); default not configured. Setup generic postfix maps. See man 5 generic. If has at least one value, then will be enabled in config.
  • node['postfix']['recipient_canonical_map_entries'] - (hash with key value pairs); default not configured. Setup generic canonical maps. See man 5 canonical. If has at least one value, then will be enabled in config.
  • node['postfix']['sasl']['smtp_sasl_user_name'] - SASL user to authenticate as. Default empty. This form is supported only up to the current version; the new syntax is below.
  • node['postfix']['sasl']['smtp_sasl_passwd'] - SASL password to use. Default empty. This form is supported only up to the current version; the new syntax is below.
  • node['postfix']['sasl'] = { "relayhost1" => { 'username' => 'foo', 'password' => 'bar' }, "relayhost2" => { ... } } - new syntax, a hash keyed by relayhost. You must set this attribute, otherwise it defaults to empty.

Example of JSON role config for setting up *_map_entries:

"postfix": {
  ...
  "smtp_generic_map_entries": { "[email protected]": "[email protected]", "[email protected]": "[email protected]" }
}

master.cf template attributes

The master.cf template has been changed to allow full customization of the file content. For backwards compatibility, the default attributes generate the same master.cf as before, but the file can be completely rewritten via the node['postfix']['master'] data structure, for instance in your role.

Examples of JSON role config for customizing master.cf:

postfix : {

...

turn some services off or on:

  "master" : {
    "smtps": {
      "active": true
    },
    "old-cyrus": {
      "active": false
    },
    "cyrus": {
      "active": false
    },
    "uucp": {
      "active": false
    },
    "ifmail": {
      "active": false
    },

... define your own service:

    "spamfilter": {
      "comment": "My own spamfilter",
      "active": true,
      "order": 590,
      "type": "unix",
      "unpriv": false,
      "chroot": false,
      "command": "pipe",
      "args": ["flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}"]
    }

...

} }

The possible service hash fields and their meanings are listed below. The hash key has to be unique, unless you wish to override a default definition.

Field     Mandatory   Description
active    Yes         Boolean. Defines whether or not the service needs to be in master.cf
comment   No          String. If you would like to add a comment line before service line
order     Yes         Integer. Number to define the order of lines in the file
type      Yes         String. Type of the service (inet, unix, fifo)
private   No          Boolean. If present replaced by y or n, otherwise by -
unpriv    No          Boolean. If present replaced by y or n, otherwise by -
chroot    No          Boolean. If present replaced by y or n, otherwise by -
wakeup    No          String. If present value placed in file, otherwise replaced by -
maxproc   No          String. If present value placed in file, otherwise replaced by -
command   Yes         String. The command to be executed.
args      Yes         Array of Strings. Arguments passed to command.

For more information about the meaning of the fields, consult the master(5) manual: http://www.postfix.org/master.5.html
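The field table above, worked through as an added Ruby illustration (not the cookbook's own template): it validates the mandatory fields and renders each active service into master.cf columns, so a reviewer can see which privilege columns an attribute hash leaves at "-". The function names, the single-space column layout, the use of the hash key as the service name and the order value of the uucp entry are assumptions.

```ruby
MASTER_MANDATORY_FIELDS = %w[active order type command args].freeze
MASTER_SERVICE_TYPES = %w[inet unix fifo].freeze

# Constructed sample: the spamfilter service from the example above plus one
# fully specified service that is switched off.
SAMPLE_MASTER = {
  'spamfilter' => {
    'comment' => 'My own spamfilter', 'active' => true, 'order' => 590,
    'type' => 'unix', 'unpriv' => false, 'chroot' => false,
    'command' => 'pipe',
    'args' => ['flags=Rq user=spamd argv=/usr/bin/spamfilter.sh -oi -f ${sender} ${recipient}']
  },
  'uucp' => {
    'active' => false, 'order' => 600, 'type' => 'unix', 'unpriv' => false,
    'chroot' => false, 'command' => 'pipe',
    'args' => ['flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)']
  }
}.freeze

# Optional booleans: absent => "-" (Postfix built-in default for that column),
# true => "y", false => "n".
def tri_state(value)
  return '-' if value.nil?
  value ? 'y' : 'n'
end

# Reject a service definition that lacks a field the table marks mandatory
# or that names a type other than inet, unix or fifo.
def validate_service!(name, svc)
  missing = MASTER_MANDATORY_FIELDS.reject { |field| svc.key?(field) }
  raise ArgumentError, "#{name}: missing #{missing.join(', ')}" unless missing.empty?
  return if MASTER_SERVICE_TYPES.include?(svc['type'])
  raise ArgumentError, "#{name}: type must be one of #{MASTER_SERVICE_TYPES.join(', ')}"
end

# Render the merged service hash into master.cf lines: active services only,
# sorted by "order", optional comment line first, args as continuation lines.
def render_master_cf(services)
  services.each { |name, svc| validate_service!(name, svc) }
  active = services.select { |_, svc| svc['active'] }.sort_by { |_, svc| svc['order'] }
  active.flat_map do |name, svc|
    columns = [name, svc['type'], tri_state(svc['private']), tri_state(svc['unpriv']),
               tri_state(svc['chroot']), svc['wakeup'] || '-', svc['maxproc'] || '-',
               svc['command']]
    lines = []
    lines << "# #{svc['comment']}" if svc['comment']
    lines << columns.join(' ')
    lines + svc['args'].map { |arg| "  #{arg}" }
  end
end

puts render_master_cf(SAMPLE_MASTER)
```

In the rendered spamfilter line the unpriv and chroot columns are "n" because the hash sets them to false, while private, wakeup and maxproc stay "-" because the hash omits them.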

Recipes

default

Installs the postfix package and manages the service and the main configuration files (/etc/postfix/main.cf and /etc/postfix/master.cf). See Usage and Examples to see how to affect the behavior of this recipe through configuration. Depending on the node['postfix']['use_alias_maps'], node['postfix']['use_transport_maps'], node['postfix']['use_access_maps'] and node['postfix']['use_virtual_aliases'] attributes, the default recipe can call additional recipes to manage additional postfix configuration files.

For a more dynamic approach to discovery for the relayhost, see the client and server recipes below.

client

Use this recipe to have nodes automatically search for the mail relay based on which node has the node['postfix']['relayhost_role'] role. Sets the node['postfix']['main']['relayhost'] attribute to the first result from the search.

Includes the default recipe to install, configure and start postfix.

Does not work with chef-solo.

sasl_auth

Sets up the system to authenticate with a remote mail relay using SASL authentication.

server

To use Chef Server search to automatically detect a node that is the relayhost, use this recipe in a role that will be relayhost. By default, the role should be "relayhost" but you can change the attribute node['postfix']['relayhost_role'] to modify this.

Note: This recipe will set the node['postfix']['mail_type'] to "master" with an override attribute.

maps

General recipe to manage any number of postfix lookup tables of any type. It can replace recipes like transport or virtual_aliases and, more importantly, it can create any kind of map that has no recipe of its own, including database lookup map configuration. maps is a hash whose keys are lookup table types and whose values are hashes with filenames as keys and a hash of file content as values. The file content is any number of key/value pairs whose meaning depends on the lookup table type. Example:

  "override_attributes": {
    "postfix": {
      "maps": {
        "hash": {
          "/etc/postfix/vmailbox": {
            "[email protected]": "ok",
            "[email protected]": "ok"
          },
          "/etc/postfix/virtual": {
            "[email protected]": "[email protected]",
            "[email protected]": "[email protected]",
            "[email protected]": "[email protected]"
          },
          "/etc/postfix/envelope_senders": {
            "@example.com": "[email protected]",
            "@example.net": "[email protected]"
          },
          "/etc/postfix/relay_recipients": {
            "[email protected]": "ok",
            "[email protected]": "ok",
            "[email protected]": "ok"
          }
        },
        "pgsql": {
          "/etc/postfix/pgtest": {
            "hosts": "db.local:2345",
            "user": "postfix",
            "password": "test",
            "dbname": "postdb",
            "query": "SELECT replacement FROM aliases WHERE mailbox = '%s'"
          }
        }
      }
    }
  }

To use these files in your configuration reference them in node['postfix']['main'], for instance:

    "postfix": {
      "main": {
        "smtpd_sender_login_maps": "hash:/etc/postfix/envelope_senders",
        "relay_recipient_maps": "hash:/etc/postfix/relay_recipients",
        "virtual_mailbox_maps": "hash:/etc/postfix/vmailbox",
        "virtual_alias_maps": "hash:/etc/postfix/virtual"
      }
    }

aliases

Manage /etc/aliases with this recipe. Currently only Ubuntu 10.04 platform has a template for the aliases file. Add your aliases template to the templates/default or to the appropriate platform+version directory per the File Specificity rules for templates. Then specify a hash of aliases for the node['postfix']['aliases'] attribute.

Arrays are supported as alias values. Since postfix supports comma-separated values per alias, simply specify your alias as an array to use this feature.

transports

Manage /etc/postfix/transport with this recipe.

access

Manage /etc/postfix/access with this recipe.

virtual_aliases

Manage /etc/postfix/virtual with this recipe.

relay_restrictions

Manage /etc/postfix/relay_restriction with this recipe. The postfix option smtpd_relay_restrictions in main.cf will point to this hash map db.

File Specificity rules for templates (referenced under the aliases recipe): http://wiki.chef.io/display/chef/Templates#Templates-TemplateLocationSpecificity

Usage

On systems that should simply send mail directly to a relay, or out to the internet, use recipe[postfix] and modify the node['postfix']['main']['relayhost'] attribute via a role.

On systems that should be the MX for a domain, set the attributes accordingly and make sure the node['postfix']['mail_type'] attribute is master. See Examples for information on how to use recipe[postfix::server] to do this automatically.

If you need to use SASL authentication to send mail through your ISP (such as on a home network), use postfix::sasl_auth and set the appropriate attributes.

For each of these implementations, see Examples for role usage.

Examples

The example roles below only have the relevant postfix usage. You may have other contents depending on what you're configuring on your systems.

The base role is applied to all nodes in the environment.

name "base"
run_list("recipe[postfix]")
override_attributes(
  "postfix" => {
    "mail_type" => "client",
    "main" => {
      "mydomain" => "example.com",
      "myorigin" => "example.com",
      "relayhost" => "[smtp.example.com]",
      "smtp_use_tls" => "no"
    }
  }
)

The relayhost role is applied to the nodes that are relayhosts. Often this is 2 systems using a CNAME of smtp.example.com.

name "relayhost"
run_list("recipe[postfix::server]")
override_attributes(
  "postfix" => {
    "mail_type" => "master",
    "main" => {
      "mynetworks" => [ "10.3.3.0/24", "127.0.0.0/8" ],
      "inet_interfaces" => "all",
      "mydomain" => "example.com",
      "myorigin" => "example.com"
    }
  }
)

The sasl_relayhost role is applied to the nodes that are relayhosts and require authenticating with SASL. For example this might be on a household network with an ISP that otherwise blocks direct internet access to SMTP.

name "sasl_relayhost"
run_list("recipe[postfix]", "recipe[postfix::sasl_auth]")
override_attributes(
  "postfix" => {
    "mail_type" => "master",
    "main" => {
      "mynetworks" => "10.3.3.0/24",
      "mydomain" => "example.com",
      "myorigin" => "example.com",
      "relayhost" => "[smtp.comcast.net]:587",
      "smtp_sasl_auth_enable" => "yes"
    },
    "sasl" => {
      "relayhost1" => {
        "username" => "your_username",
        "password" => "your_password"
      },
      "relayhost2" => {
        # ...
      },
      # ...
    }
  }
)
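A pre-upload check for role attributes like the ones above, added here as an illustration (it is not part of the cookbook): it flags SASL credentials that can leave the host without mandatory TLS, SASL passwords kept as plain role attributes, and mynetworks entries that trust every client. The function names and finding codes are hypothetical, and smtp_tls_security_level is a Postfix main.cf parameter that this page does not list.

```ruby
require 'ipaddr'

# Postfix outbound TLS levels that refuse delivery without an encrypted session.
MANDATORY_TLS_LEVELS = %w[encrypt dane-only fingerprint verify secure].freeze

# Constructed sample: attributes of the sasl_relayhost role shown above.
SASL_RELAYHOST_ATTRS = {
  'mail_type' => 'master',
  'main' => {
    'mynetworks' => '10.3.3.0/24',
    'relayhost' => '[smtp.comcast.net]:587',
    'smtp_sasl_auth_enable' => 'yes'
  },
  'sasl' => {
    'relayhost1' => { 'username' => 'your_username', 'password' => 'your_password' }
  }
}.freeze

# smtp_tls_security_level wins when set; otherwise the legacy smtp_use_tls
# switch (cookbook default "yes") means opportunistic TLS or no TLS at all.
def effective_smtp_tls_level(main)
  level = main['smtp_tls_security_level'].to_s
  return level unless level.empty?
  main.fetch('smtp_use_tls', 'yes').to_s == 'no' ? 'none' : 'may'
end

# mynetworks may be a String or an Array; entries that are not addresses
# (lookup-table references, file paths) are skipped.
def world_open_networks(mynetworks)
  Array(mynetworks).flat_map { |e| e.to_s.split(/[\s,]+/) }.select do |entry|
    begin
      IPAddr.new(entry).prefix.zero?
    rescue ArgumentError
      false
    end
  end
end

# Returns an array of [code, message] findings for a node['postfix'] hash.
def audit_postfix_attributes(postfix)
  main = postfix.fetch('main', {})
  findings = []

  if main['smtp_sasl_auth_enable'].to_s == 'yes'
    level = effective_smtp_tls_level(main)
    if level == 'none'
      findings << [:sasl_without_tls, 'SASL credentials are sent with TLS disabled']
    elsif !MANDATORY_TLS_LEVELS.include?(level)
      findings << [:sasl_opportunistic_tls,
                   "TLS level '#{level}' still delivers, and authenticates, in cleartext"]
    end
  end

  # Covers both the per-relayhost hash and the legacy smtp_sasl_passwd string.
  postfix.fetch('sasl', {}).each do |key, value|
    password = value.is_a?(Hash) ? value['password'] : (value if key == 'smtp_sasl_passwd')
    next if password.to_s.empty?
    findings << [:plaintext_sasl_password, "sasl['#{key}'] password is a plain attribute"]
  end

  world_open_networks(main['mynetworks']).each do |net|
    findings << [:open_mynetworks, "mynetworks entry #{net} trusts every client to relay"]
  end
  findings
end

audit_postfix_attributes(SASL_RELAYHOST_ATTRS).each { |code, msg| puts "#{code}: #{msg}" }
```
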

For an example of using encrypted data bags to encrypt the SASL password, see the following blog post:

Examples using the client & server recipes

If you'd like to use the more dynamic search based approach for discovery, use the server and client recipes. First, create a relayhost role.

name "relayhost"
run_list("recipe[postfix::server]")
override_attributes(
  "postfix" => {
    "main" => {
      "mynetworks" => "10.3.3.0/24",
      "mydomain" => "example.com",
      "myorigin" => "example.com"
    }
  }
)

Then, add the postfix::client recipe to the run list of your base role or equivalent role for postfix clients.

name "base"
run_list("recipe[postfix::client]")
override_attributes(
  "postfix" => {
    "mail_type" => "client",
    "main" => {
      "mydomain" => "example.com",
      "myorigin" => "example.com"
    }
  }
)

If you wish to use a different role name for the relayhost, then also set the attribute in the base role. For example, postfix_master as the role name:

name "postfix_master"
description "a role for postfix master that isn't relayhost"
run_list("recipe[postfix::server]")
override_attributes(
  "postfix" => {
    "main" => {
      "mynetworks" => "10.3.3.0/24",
      "mydomain" => "example.com",
      "myorigin" => "example.com"
    }
  }
)

The base role would look something like this:

name "base"
run_list("recipe[postfix::client]")
override_attributes(
  "postfix" => {
    "relayhost_role" => "postfix_master",
    "mail_type" => "client",
    "main" => {
      "mydomain" => "example.com",
      "myorigin" => "example.com"
    }
  }
)

To use relay restrictions override the relay restrictions attribute in this format:

override_attributes(
  "postfix" => {
    "use_relay_restrictions_maps" => true,
    "relay_restrictions" => {
      "chef.io" => "OK",
      ".chef.io" => "OK",
      "example.com" => "OK"
    }
  }
)

